The SME space is changing, and emerging leaders are utilising affordable, flexible and scalable big data and analytics tools. SMEs are confident about their ability to innovate, but much less certain about their ability to use big data and advanced analytics to do so...

For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

Declaring war on mobile hackers

Mobile and wireless access to enterprise networks, driven by companies seeking to improve productivity and increase profits by mobilising workers, is one of the hottest growth areas in the IT industry.

There is no doubt that a carefully implemented roll-out of mobile access will free key employees from the chains of their desks, and allow them to do their jobs in a more flexible and effective manner using mobile and wireless devices such as laptops, PDAs and smartphones.

However, opening up networks to employees needing remote access to mission critical systems also opens up a Pandora's Box for IT mangers who need to ensure that the same remote access cannot be used by malicious hackers to wreak havoc.

"Data that is transported outside of the organisation is facing a continuous threat. Mobile devices can be lost or stolen which means that the information they contain can be lost to a company," warned Neil Barrett, technical director at Information Risk Management.

"If they are stolen the data needs to be protected so there is a requirement for confidentiality. This in turn points to a requirement for encryption and a for access password controls of a suitable strength for the information that is being carried.

"For mobile workers, it has to be said that there are no real new security challenges, but the existing security challenges are writ large because they fall outside the control of the main organisation."

According to Barrett, one of the main issues facing IT mangers attempting to secure mobile network access comes from individuals within companies who are increasingly accessing systems using their own mobile and wireless devices without any centralised control.

"Companies are taking mobile security seriously, but the main problem is that wireless networks are not enacted primarily by the companies themselves," explained Barrett.

"They are rolled out by individuals; someone from a department who gets a wizzo mobile device for Christmas and decides to use it to access work systems. Companies understand the risk implicitly, but these employees do not."

Industry analyst Butler Group agreed that a lack of IT department control over these devices being connected to company networks by individuals is creating a growing security problem.

"A lot of wireless access is being foisted on IT managers by the high powered executives who have just got the latest smartphone for Christmas and demand that they be able to use it to access their corporate email," said Alan Lawson, research analyst at Butler Group.

Growing popularity of wireless LansEvidence suggests that this 'bottom up' approach to wireless deployment is contributing to the fast growing popularity of wireless local area networks (Lans).

"Because the users who have wireless Lans at home are driving the need for wireless Lans in corporations, the security weaknesses of their small office/home office [SoHo] products have created the current wireless Lan security perceptions," said Mike Banic, director of product marketing at Trapeze Networks.

Lawson highlighted the broadcast characteristics of wireless Lans, which can make network access available outside a company's offices, as a key issue.

"The problem we have is that most network administrators cannot provide effective security for fixed infrastructures, so the problem is much greater with wireless technology as a hacker could just walk into the area around the company's network," he said. "Witness incidents such as drive-by spamming. It creates a tremendous problem."

Barrett agreed that securing wireless Lans should be treated as an imperative. "Wireless gives you more opportunity to mess up from the perspective of the organisation," he explained.

"And there are issues for the remote workers themselves. With a wireless network signals are broadcast outside the office so the issue is that a hacker with a transceiver can pick up this medium and, if security is not strong enough, authenticate themselves on that medium. Then they can piggyback the legitimate connections."

Banic argued that wireless Lan security is rapidly maturing as today's enterprise products offer strong authentication using protocols such as IEEE 802.1X/PEAP that only permit legitimate users onto the network.

He added that these systems also support dynamic encryption keying to try and eliminate the possibility of a hacker breaking the cryptography by capturing a serious of packets to determine the value of the static key.

Hackers target new platformsAs wireless Lan deployments are becoming mainstream, companies are taking the security issues more seriously, but next-generation mobile devices such as GPRS and 3G smartphones represent a growing threat as hackers begin to target the platforms.

"As 2.5G and 3G networks become part of our everyday life, hackers and virus writers will launch attacks that exploit these new technologies," said Arvind Narain, senior vice president at McAfee Security.

The company predicts that, as more mobile devices begin to run PC-like software, malicious users will find it easier to attack these systems.

However, while acknowledging that such devices could be used by hackers, Barrett pointed out that there is currently no evidence of real-world instances of security breaches via smartphones.

He advised that, whatever the device being used to connect to the network, it is the actual nature of the connection that must be secured.

"The issue with opening up an access point is firstly to make sure that it is not a back door," he said.

"These connections should not go directly onto the corporate backbone. They should go to a separate, dedicated demilitarised zone and usually the most secure access should be through a secured extranet or virtual private network."